b'       ~\n\n           NATIONAL \n\n       ARCHIVES \n\n      OFFICE of \n\n INSPECTOR GENERAL \n\n\n\nDate           October 13,2011\n\nReply to\nAttn of:       Office ofInspector General (OIG)\n\nSubject:       Management Letter No. 12-01, Network Outage\n\nTo         :   David S. Ferriero, Archivist of the United States (N)\n\nOn September 13,2011 NARA experienced an internet outage from a cut fiber-optic cable\nlasting approximately 32 hours and significantly affecting NARA\'s operations. During that time,\nNARA staff were not able to access home and shared drives, email, the Internet, and numerous\ncritical applications needed to perform their jobs. In addition, NARA\'s customers were not able\nto access agency services because the outage affected NARA\'s external websites as well. This\nManagement Letter brings two separate issues to your attention discovered as a result of this\noutage; NARA has no failover Internet connection, and NARA\'s continuity of operations\n(COOP) site may not be able to independently operate if there is an incident at All.\n\nNARA does not have a failover Internet connection to restore Internet and other services within a\ntimely manner. According to the Executive for Business Support Services, when NARA\nimplemented the Trusted Internet Connection (TIC) the Internet was no longer provided by a\nseparate telecommunications circuit into one or more of our facilities. Instead it is provided\nthrough the MPLS wide area network (WAN) which is provided and managed by a service\nprovider. According to the service provider, ifNARA had diversity (i.e. dual access) in the\nnetwork, the outage would have been prevented. The service provider reported they are looking\ninto a diversity option.\n\nNARA officials overseeing the network architecture should have known the design of the\nnetwork created a single point of failure, and taken action to address this risk before NARA\'s\nmission and business capabilities were impacted. Under the TIC initiative, the Office of\nManagement and Budget approved two internet connections for NARA. The original planned\nimplementation of TIC was to have two connections: one at All and one in St. Louis. However,\nNARA only has one connection. Thus this outage was not a result of the TIC initiative, but of\nfaulty implementation. One of the findings in our Audit of the TIC at NARA (OIG Audit Report\n11-17) was that NARA officials relied on a contractor to determine the requirements for NARA\'s\nenvironment. This reliance was misplaced, and should not have been endorsed by NARA\nofficials.\n\x0cDuring this outage NARA did not implement their network disaster recovery plan or use the\nCOOP site. NARANet operations should be able to be restored through the COOP site.\nHowever, according to the Executive for Business Support Services, implementation of the\nCOOP site would not have restored services to staff and systems at AI and All because the\nCOOP site relies on the MPLS WAN connection which was severed during this event. While it\nis not possible to prevent all incidents, NARA could have limited the impact of this event by\ndesigning and implementing resiliency into the network.\n\nFinally, the COOP site is supposed to be able to independently function should there be an\nincident at NARA\' s primary locations, including All. The day-to-day functioning of most of\nNARANet\'s functionality at the COOP site is completely dependent on equipment housed at All.\nThe technical experts at the COOP site stated they believed the right equipment was in place to\ntheoretically restore needed files and run an independent system. However, this independent\nsystem for the COOP site has never been fully tested or stood up. Furthermore, NARA has no\npolicies or procedures in place for how such an activation would occur. Should an event at All\nhappen right now requiring independent COOP activation, the technical experts at the COOP site\nwould not be able to timely establish an independent IT system with the needed functionality.\n\nThe OIG plans to perform an audit ofNARA\'s network architecture and an audit ofNARA\'s\nCOOP activities during FY 2012 which will focus on these two areas in more detail. If you have\nany questions conceming the information presented in this Management Letter, please contact\nme at (301) 837-1532.\n\n\n\n~;q~c_-_ c.\nInspector General\n\n\n\n\n                                                 Page 2\n                              1\\.1A R A \'< ",ph <itp i< httn\xc2\xb7//www   n;!r;!   O"()V\n\x0c'